1 /* trust.c - High level trust functions
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 * 2008, 2012 Free Software Foundation, Inc.
4 * Copyright (C) 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <https://www.gnu.org/licenses/>.
38 /* Return true if key is disabled. Note that this is usually used via
39 the pk_is_disabled macro. */
41 cache_disabled_value (PKT_public_key *pk)
43 #ifdef NO_TRUST_MODELS
47 return tdb_cache_disabled_value (pk);
53 register_trusted_keyid (u32 *keyid)
55 #ifdef NO_TRUST_MODELS
58 tdb_register_trusted_keyid (keyid);
64 register_trusted_key (const char *string)
66 #ifdef NO_TRUST_MODELS
69 tdb_register_trusted_key (string);
76 * This function returns a letter for a trust value. Trust flags
80 trust_letter (unsigned int value)
82 switch( (value & TRUST_MASK) )
84 case TRUST_UNKNOWN: return '-';
85 case TRUST_EXPIRED: return 'e';
86 case TRUST_UNDEFINED: return 'q';
87 case TRUST_NEVER: return 'n';
88 case TRUST_MARGINAL: return 'm';
89 case TRUST_FULLY: return 'f';
90 case TRUST_ULTIMATE: return 'u';
96 /* The strings here are similar to those in
97 pkclist.c:do_edit_ownertrust() */
99 trust_value_to_string (unsigned int value)
101 switch ((value & TRUST_MASK))
103 case TRUST_UNKNOWN: return _("unknown");
104 case TRUST_EXPIRED: return _("expired");
105 case TRUST_UNDEFINED: return _("undefined");
106 case TRUST_NEVER: return _("never");
107 case TRUST_MARGINAL: return _("marginal");
108 case TRUST_FULLY: return _("full");
109 case TRUST_ULTIMATE: return _("ultimate");
110 default: return "err";
116 string_to_trust_value (const char *str)
118 if (!ascii_strcasecmp (str, "undefined"))
119 return TRUST_UNDEFINED;
120 else if (!ascii_strcasecmp (str, "never"))
122 else if (!ascii_strcasecmp (str, "marginal"))
123 return TRUST_MARGINAL;
124 else if (!ascii_strcasecmp (str, "full"))
126 else if (!ascii_strcasecmp(str, "ultimate"))
127 return TRUST_ULTIMATE;
134 uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
138 /* TRANSLATORS: these strings are similar to those in
139 trust_value_to_string(), but are a fixed length. This is needed to
140 make attractive information listings where columns line up
141 properly. The value "10" should be the length of the strings you
142 choose to translate to. This is the length in printable columns.
143 It gets passed to atoi() so everything after the number is
144 essentially a comment and need not be translated. Either key and
145 uid are both NULL, or neither are NULL. */
146 return _("10 translator see trust.c:uid_trust_string_fixed");
148 else if(uid->is_revoked || (key && key->flags.revoked))
149 return _("[ revoked]");
150 else if(uid->is_expired)
151 return _("[ expired]");
154 switch (get_validity (ctrl, NULL, key, uid, NULL, 0) & TRUST_MASK)
156 case TRUST_UNKNOWN: return _("[ unknown]");
157 case TRUST_EXPIRED: return _("[ expired]");
158 case TRUST_UNDEFINED: return _("[ undef ]");
159 case TRUST_NEVER: return _("[ never ]");
160 case TRUST_MARGINAL: return _("[marginal]");
161 case TRUST_FULLY: return _("[ full ]");
162 case TRUST_ULTIMATE: return _("[ultimate]");
172 * Return the assigned ownertrust value for the given public key.
173 * The key should be the primary key.
176 get_ownertrust (PKT_public_key *pk)
178 #ifdef NO_TRUST_MODELS
180 return TRUST_UNKNOWN;
182 return tdb_get_ownertrust (pk);
188 * Same as get_ownertrust but this takes the minimum ownertrust value
189 * into into account, and will bump up the value as needed.
192 get_ownertrust_with_min (PKT_public_key *pk)
194 #ifdef NO_TRUST_MODELS
196 return TRUST_UNKNOWN;
198 unsigned int otrust, otrust_min;
200 otrust = (tdb_get_ownertrust (pk) & TRUST_MASK);
201 otrust_min = tdb_get_min_ownertrust (pk);
202 if (otrust < otrust_min)
204 /* If the trust that the user has set is less than the trust
205 that was calculated from a trust signature chain, use the
206 higher of the two. We do this here and not in
207 get_ownertrust since the underlying ownertrust should not
208 really be set - just the appearance of the ownertrust. */
219 * Same as get_ownertrust but return a trust letter instead of an
220 * value. This takes the minimum ownertrust value into account.
223 get_ownertrust_info (PKT_public_key *pk)
225 return trust_letter (get_ownertrust_with_min (pk));
230 * Same as get_ownertrust but return a trust string instead of an
231 * value. This takes the minimum ownertrust value into account.
234 get_ownertrust_string (PKT_public_key *pk)
236 return trust_value_to_string (get_ownertrust_with_min (pk));
241 * Set the trust value of the given public key to the new value.
242 * The key should be a primary one.
245 update_ownertrust (PKT_public_key *pk, unsigned int new_trust)
247 #ifdef NO_TRUST_MODELS
251 tdb_update_ownertrust (pk, new_trust);
257 clear_ownertrusts (PKT_public_key *pk)
259 #ifdef NO_TRUST_MODELS
263 return tdb_clear_ownertrusts (pk);
269 revalidation_mark (void)
271 #ifndef NO_TRUST_MODELS
272 tdb_revalidation_mark ();
278 check_trustdb_stale (ctrl_t ctrl)
280 #ifndef NO_TRUST_MODELS
281 tdb_check_trustdb_stale (ctrl);
289 check_or_update_trustdb (ctrl_t ctrl)
291 #ifndef NO_TRUST_MODELS
292 tdb_check_or_update (ctrl);
300 * Return the validity information for KB/PK (at least one must be
301 * non-NULL). If the namehash is not NULL, the validity of the
302 * corresponding user ID is returned, otherwise, a reasonable value
303 * for the entire key is returned.
306 get_validity (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk, PKT_user_id *uid,
307 PKT_signature *sig, int may_ask)
310 unsigned int validity;
312 PKT_public_key *main_pk;
315 log_assert (keyid_cmp (pk_main_keyid (pk),
316 pk_main_keyid (kb->pkt->pkt.public_key)) == 0);
321 pk = kb->pkt->pkt.public_key;
325 namehash_from_uid (uid);
327 keyid_from_pk (pk, kid);
328 if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1])
330 /* This is a subkey - get the mainkey. */
332 main_pk = kb->pkt->pkt.public_key;
335 main_pk = xmalloc_clear (sizeof *main_pk);
336 rc = get_pubkey (main_pk, pk->main_keyid);
339 char *tempkeystr = xstrdup (keystr (pk->main_keyid));
340 log_error ("error getting main key %s of subkey %s: %s\n",
341 tempkeystr, keystr (kid), gpg_strerror (rc));
343 validity = TRUST_UNKNOWN;
351 #ifdef NO_TRUST_MODELS
352 validity = TRUST_UNKNOWN;
354 validity = tdb_get_validity_core (ctrl, kb, pk, uid, main_pk, sig, may_ask);
358 /* Set some flags direct from the key */
359 if (main_pk->flags.revoked)
360 validity |= TRUST_FLAG_REVOKED;
361 if (main_pk != pk && pk->flags.revoked)
362 validity |= TRUST_FLAG_SUB_REVOKED;
363 /* Note: expiration is a trust value and not a flag - don't know why
364 * I initially designed it that way. */
365 if (main_pk->has_expired || pk->has_expired)
366 validity = ((validity & (~TRUST_MASK | TRUST_FLAG_PENDING_CHECK))
369 if (main_pk != pk && !kb)
370 free_public_key (main_pk);
376 get_validity_info (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk,
382 log_assert (keyid_cmp (pk_main_keyid (pk),
383 pk_main_keyid (kb->pkt->pkt.public_key)) == 0);
386 pk = kb->pkt->pkt.public_key;
388 return '?'; /* Just in case a NULL PK is passed. */
390 trustlevel = get_validity (ctrl, kb, pk, uid, NULL, 0);
391 if ((trustlevel & TRUST_FLAG_REVOKED))
393 return trust_letter (trustlevel);
398 get_validity_string (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
403 return "err"; /* Just in case a NULL PK is passed. */
405 trustlevel = get_validity (ctrl, NULL, pk, uid, NULL, 0);
406 if ((trustlevel & TRUST_FLAG_REVOKED))
408 return trust_value_to_string (trustlevel);
414 * Mark the signature of the given UID which are used to certify it.
415 * To do this, we first revmove all signatures which are not valid and
416 * from the remain ones we look for the latest one. If this is not a
417 * certification revocation signature we mark the signature by setting
418 * node flag bit 8. Revocations are marked with flag 11, and sigs
419 * from unavailable keys are marked with flag 12. Note that flag bits
420 * 9 and 10 are used for internal purposes.
423 mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode,
424 u32 *main_kid, struct key_item *klist,
425 u32 curtime, u32 *next_expire)
430 /* First check all signatures. */
431 for (node=uidnode->next; node; node = node->next)
435 node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
436 if (node->pkt->pkttype == PKT_USER_ID
437 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
438 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
440 if (node->pkt->pkttype != PKT_SIGNATURE)
442 sig = node->pkt->pkt.signature;
444 && sig->keyid[0] == main_kid[0] && sig->keyid[1] == main_kid[1])
445 continue; /* ignore self-signatures if we pass in a main_kid */
446 if (!IS_UID_SIG(sig) && !IS_UID_REV(sig))
447 continue; /* we only look at these signature classes */
448 if(sig->sig_class>=0x11 && sig->sig_class<=0x13 &&
449 sig->sig_class-0x10<opt.min_cert_level)
450 continue; /* treat anything under our min_cert_level as an
452 if (klist && !is_in_klist (klist, sig))
453 continue; /* no need to check it then */
454 if ((rc=check_key_signature (keyblock, node, NULL)))
456 /* we ignore anything that won't verify, but tag the
458 if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
464 /* Reset the remaining flags. */
465 for (; node; node = node->next)
466 node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
468 /* kbnode flag usage: bit 9 is here set for signatures to consider,
469 * bit 10 will be set by the loop to keep track of keyIDs already
470 * processed, bit 8 will be set for the usable signatures, and bit
471 * 11 will be set for usable revocations. */
473 /* For each cert figure out the latest valid one. */
474 for (node=uidnode->next; node; node = node->next)
480 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
481 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
483 if ( !(node->flag & (1<<9)) )
484 continue; /* not a node to look at */
485 if ( (node->flag & (1<<10)) )
486 continue; /* signature with a keyID already processed */
487 node->flag |= (1<<10); /* mark this node as processed */
488 sig = node->pkt->pkt.signature;
490 sigdate = sig->timestamp;
491 kid[0] = sig->keyid[0]; kid[1] = sig->keyid[1];
493 /* Now find the latest and greatest signature */
494 for (n=uidnode->next; n; n = n->next)
496 if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY
497 || n->pkt->pkttype == PKT_SECRET_SUBKEY)
499 if ( !(n->flag & (1<<9)) )
501 if ( (n->flag & (1<<10)) )
502 continue; /* shortcut already processed signatures */
503 sig = n->pkt->pkt.signature;
504 if (kid[0] != sig->keyid[0] || kid[1] != sig->keyid[1])
506 n->flag |= (1<<10); /* mark this node as processed */
508 /* If signode is nonrevocable and unexpired and n isn't,
509 then take signode (skip). It doesn't matter which is
510 older: if signode was older then we don't want to take n
511 as signode is nonrevocable. If n was older then we're
512 automatically fine. */
514 if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
515 !signode->pkt->pkt.signature->flags.revocable &&
516 (signode->pkt->pkt.signature->expiredate==0 ||
517 signode->pkt->pkt.signature->expiredate>curtime))) &&
518 (!(IS_UID_SIG(n->pkt->pkt.signature) &&
519 !n->pkt->pkt.signature->flags.revocable &&
520 (n->pkt->pkt.signature->expiredate==0 ||
521 n->pkt->pkt.signature->expiredate>curtime))))
524 /* If n is nonrevocable and unexpired and signode isn't,
525 then take n. Again, it doesn't matter which is older: if
526 n was older then we don't want to take signode as n is
527 nonrevocable. If signode was older then we're
528 automatically fine. */
530 if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
531 !signode->pkt->pkt.signature->flags.revocable &&
532 (signode->pkt->pkt.signature->expiredate==0 ||
533 signode->pkt->pkt.signature->expiredate>curtime))) &&
534 ((IS_UID_SIG(n->pkt->pkt.signature) &&
535 !n->pkt->pkt.signature->flags.revocable &&
536 (n->pkt->pkt.signature->expiredate==0 ||
537 n->pkt->pkt.signature->expiredate>curtime))))
540 sigdate = sig->timestamp;
544 /* At this point, if it's newer, it goes in as the only
545 remaining possibilities are signode and n are both either
546 revocable or expired or both nonrevocable and unexpired.
547 If the timestamps are equal take the later ordered
548 packet, presuming that the key packets are hopefully in
549 their original order. */
551 if (sig->timestamp >= sigdate)
554 sigdate = sig->timestamp;
558 sig = signode->pkt->pkt.signature;
559 if (IS_UID_SIG (sig))
560 { /* this seems to be a usable one which is not revoked.
561 * Just need to check whether there is an expiration time,
562 * We do the expired certification after finding a suitable
563 * certification, the assumption is that a signator does not
564 * want that after the expiration of his certificate the
565 * system falls back to an older certification which has a
566 * different expiration time */
570 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
571 expire = p? sig->timestamp + buf32_to_u32(p) : 0;
573 if (expire==0 || expire > curtime )
575 signode->flag |= (1<<8); /* yeah, found a good cert */
576 if (next_expire && expire && expire < *next_expire)
577 *next_expire = expire;
581 signode->flag |= (1<<11);
587 clean_sigs_from_uid (kbnode_t keyblock, kbnode_t uidnode,
588 int noisy, int self_only)
594 log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
595 || keyblock->pkt->pkttype == PKT_SECRET_KEY);
597 keyid_from_pk (keyblock->pkt->pkt.public_key, keyid);
599 /* Passing in a 0 for current time here means that we'll never weed
600 out an expired sig. This is correct behavior since we want to
601 keep the most recent expired sig in a series. */
602 mark_usable_uid_certs (keyblock, uidnode, NULL, NULL, 0, NULL);
604 /* What we want to do here is remove signatures that are not
605 considered as part of the trust calculations. Thus, all invalid
606 signatures are out, as are any signatures that aren't the last of
607 a series of uid sigs or revocations It breaks down like this:
608 coming out of mark_usable_uid_certs, if a sig is unflagged, it is
609 not even a candidate. If a sig has flag 9 or 10, that means it
610 was selected as a candidate and vetted. If a sig has flag 8 it
611 is a usable signature. If a sig has flag 11 it is a usable
612 revocation. If a sig has flag 12 it was issued by an unavailable
613 key. "Usable" here means the most recent valid
614 signature/revocation in a series from a particular signer.
616 Delete everything that isn't a usable uid sig (which might be
617 expired), a usable revocation, or a sig from an unavailable
620 for (node=uidnode->next;
621 node && node->pkt->pkttype==PKT_SIGNATURE;
626 keep = self_only? (node->pkt->pkt.signature->keyid[0] == keyid[0]
627 && node->pkt->pkt.signature->keyid[1] == keyid[1]) : 1;
629 /* Keep usable uid sigs ... */
630 if ((node->flag & (1<<8)) && keep)
633 /* ... and usable revocations... */
634 if ((node->flag & (1<<11)) && keep)
637 /* ... and sigs from unavailable keys. */
638 /* disabled for now since more people seem to want sigs from
639 unavailable keys removed altogether. */
641 if(node->flag & (1<<12))
645 /* Everything else we delete */
647 /* At this point, if 12 is set, the signing key was unavailable.
648 If 9 or 10 is set, it's superseded. Otherwise, it's
652 log_info ("removing signature from key %s on user ID \"%s\": %s\n",
653 keystr (node->pkt->pkt.signature->keyid),
654 uidnode->pkt->pkt.user_id->name,
655 node->flag&(1<<12)? "key unavailable":
656 node->flag&(1<<9)? "signature superseded"
657 /* */ :"invalid signature" );
659 delete_kbnode (node);
667 /* This is substantially easier than clean_sigs_from_uid since we just
668 have to establish if the uid has a valid self-sig, is not revoked,
669 and is not expired. Note that this does not take into account
670 whether the uid has a trust path to it - just whether the keyholder
671 themselves has certified the uid. Returns true if the uid was
672 compacted. To "compact" a user ID, we simply remove ALL signatures
673 except the self-sig that caused the user ID to be remove-worthy.
674 We don't actually remove the user ID packet itself since it might
675 be resurrected in a later merge. Note that this function requires
676 that the caller has already done a merge_keys_and_selfsig().
678 TODO: change the import code to allow importing a uid with only a
679 revocation if the uid already exists on the keyring. */
682 clean_uid_from_key (kbnode_t keyblock, kbnode_t uidnode, int noisy)
685 PKT_user_id *uid = uidnode->pkt->pkt.user_id;
688 log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
689 || keyblock->pkt->pkttype == PKT_SECRET_KEY);
690 log_assert (uidnode->pkt->pkttype==PKT_USER_ID);
692 /* Skip valid user IDs, compacted user IDs, and non-self-signed user
693 IDs if --allow-non-selfsigned-uid is set. */
695 || uid->flags.compacted
696 || (!uid->is_expired && !uid->is_revoked && opt.allow_non_selfsigned_uid))
699 for (node=uidnode->next;
700 node && node->pkt->pkttype == PKT_SIGNATURE;
703 if (!node->pkt->pkt.signature->flags.chosen_selfsig)
705 delete_kbnode (node);
707 uidnode->pkt->pkt.user_id->flags.compacted = 1;
714 char *user = utf8_to_native (uid->name, uid->len, 0);
717 reason = _("revoked");
718 else if (uid->is_expired)
719 reason = _("expired");
721 reason = _("invalid");
723 log_info ("compacting user ID \"%s\" on key %s: %s\n",
724 user, keystr_from_pk (keyblock->pkt->pkt.public_key),
734 /* Needs to be called after a merge_keys_and_selfsig() */
736 clean_one_uid (kbnode_t keyblock, kbnode_t uidnode, int noisy, int self_only,
737 int *uids_cleaned, int *sigs_cleaned)
741 log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
742 || keyblock->pkt->pkttype == PKT_SECRET_KEY);
743 log_assert (uidnode->pkt->pkttype==PKT_USER_ID);
746 uids_cleaned = &dummy;
749 sigs_cleaned = &dummy;
751 /* Do clean_uid_from_key first since if it fires off, we don't have
752 to bother with the other. */
753 *uids_cleaned += clean_uid_from_key (keyblock, uidnode, noisy);
754 if (!uidnode->pkt->pkt.user_id->flags.compacted)
755 *sigs_cleaned += clean_sigs_from_uid (keyblock, uidnode, noisy, self_only);
759 /* NB: This function marks the deleted nodes only and the caller is
760 * responsible to skip or remove them. */
762 clean_key (kbnode_t keyblock, int noisy, int self_only,
763 int *uids_cleaned, int *sigs_cleaned)
767 merge_keys_and_selfsig (keyblock);
769 for (node = keyblock->next;
770 node && !(node->pkt->pkttype == PKT_PUBLIC_SUBKEY
771 || node->pkt->pkttype == PKT_SECRET_SUBKEY);
774 if (node->pkt->pkttype == PKT_USER_ID)
775 clean_one_uid (keyblock, node, noisy, self_only,
776 uids_cleaned, sigs_cleaned);
779 /* Remove bogus subkey binding signatures: The only signatures
780 * allowed are of class 0x18 and 0x28. */
781 log_assert (!node || (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
782 || node->pkt->pkttype == PKT_SECRET_SUBKEY));
783 for (; node; node = node->next)
785 if (is_deleted_kbnode (node))
787 if (node->pkt->pkttype == PKT_SIGNATURE
788 && !(IS_SUBKEY_SIG (node->pkt->pkt.signature)
789 || IS_SUBKEY_REV (node->pkt->pkt.signature)))
791 delete_kbnode (node);